Documentation
Constants
const (
	Allow                 = 0
	Deny                  = 1
	DenyRoleTokenExpired  = 2
	DenyRoleTokenInvalid  = 3
	DenyInvalidParameters = 4
	DenyDomainMismatch    = 5
	DenyDomainNotFound    = 6
	DenyNoMatch           = 7
	DenyDomainEmpty       = 8
	DenyDomainExpired     = 9
)
Constant values that are returned by the CheckAccessWithToken method.
Variables
This section is empty.
Functions
This section is empty.
Types
type PermissionService
type PermissionService struct{}
PermissionService implements the gRPC PermissionServer interface so that it can be used in a gRPC server. The interface has two methods:
- CheckAccessWithToken
- GetServiceToken
func (PermissionService) CheckAccessWithToken
func (permService PermissionService) CheckAccessWithToken(ctx context.Context, req *v1.AccessCheckRequest) (*v1.AccessCheckResponse, error)
This method implements one of the PermissionServer interface methods. CheckAccessWithToken accepts a struct named AccessCheckRequest that contains the roleToken, and the access and resource that the roleToken wants to use. It returns an AccessCheckResponse that contains an access number between 0 and 9.
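One way a caller can interpret the returned access number, as an added example that is not part of this package: accessCheckResponse and its Access field are hypothetical stand-ins for v1.AccessCheckResponse, and the sample values are constructed. Because Allow is 0, the zero value of an integer field, the error and nil checks come before the code is read, and any number outside 0 to 9 is denied.

```go
package main

import "fmt"

// Result codes as listed in the Constants section of this page.
const (
	Allow                 = 0
	Deny                  = 1
	DenyRoleTokenExpired  = 2
	DenyRoleTokenInvalid  = 3
	DenyInvalidParameters = 4
	DenyDomainMismatch    = 5
	DenyDomainNotFound    = 6
	DenyNoMatch           = 7
	DenyDomainEmpty       = 8
	DenyDomainExpired     = 9
)

// accessCheckResponse is a hypothetical stand-in for v1.AccessCheckResponse;
// the field name Access is an assumption, not taken from the package.
type accessCheckResponse struct{ Access int32 }

// codeNames maps each documented code to its constant name, for audit logs.
var codeNames = []string{"Allow", "Deny", "DenyRoleTokenExpired", "DenyRoleTokenInvalid",
	"DenyInvalidParameters", "DenyDomainMismatch", "DenyDomainNotFound", "DenyNoMatch",
	"DenyDomainEmpty", "DenyDomainExpired"}

// decide fails closed. Allow is 0, the zero value of the field, so an
// error or nil response must be rejected before the code is read.
func decide(resp *accessCheckResponse, err error) (bool, string) {
	if err != nil || resp == nil {
		return false, "no valid response"
	}
	if resp.Access < 0 || int(resp.Access) >= len(codeNames) {
		return false, fmt.Sprintf("unknown code %d", resp.Access)
	}
	return resp.Access == Allow, codeNames[resp.Access]
}

func main() {
	// Constructed sample results, not output from a real server.
	fmt.Println(decide(&accessCheckResponse{Access: Allow}, nil))
	fmt.Println(decide(&accessCheckResponse{Access: DenyRoleTokenExpired}, nil))
	fmt.Println(decide(&accessCheckResponse{}, fmt.Errorf("rpc failed")))
	fmt.Println(decide(&accessCheckResponse{Access: 42}, nil))
}
```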
func (PermissionService) GetServiceToken
func (permService PermissionService) GetServiceToken(ctx context.Context, req *v1.ServiceTokenRequest) (*v1.ServiceTokenResponse, error)
This method implements one of the PermissionServer interface methods. GetServiceToken accepts a struct named ServiceTokenRequest, which is an empty struct used as the gRPC request message. It returns a ServiceTokenResponse that contains a token string. There are three ways to get a roleToken from the ZTS server:
- Using an Athenz service identity certificate, which means that we can use our service private key and cert file
- Using an ntoken from a file; this ntoken expires after some time period
- Using an ntoken on the command line (not recommended, since others running ps might see your ntoken)
We use the Athenz service identity certificate here to get the roleToken from the ZTS server. We're using Copper Argos, which only uses TLS, and the attestation data contains the authentication details.